CVE-2022-4449
Page Scroll To ID < 1.7.6 - Contributor+ Stored XSSThe Page scroll to id WordPress plugin before 1.7.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
We have discovered 8,094 live websites that are affected by CVE-2022-4449.
Affected Software
| Product |  Page Scroll To Id |
| Category | Wordpress Plugins |
| Vulnerable Domains | 8,094 live websites (18% of Page Scroll To Id install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 23 versions ( 85% of all versions) |
Common Weakness Enumeration
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')Details
- Published - Jan 16, 2023
- Updated - Apr 7, 2025
Credits
- Lana Codes (finder)
- WPScan (coordinator)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2022-4449 United States | 1,476 websites |
 Germany | 990 websites |
 Poland | 604 websites |
 Italy | 493 websites |
 France | 404 websites |
 GB | 281 websites |
 Russia | 262 websites |
 Czech Republic | 261 websites |
 Netherlands | 206 websites |
 Japan | 205 websites |
Website Distribution by TLD
Number of websites using CVE-2022-4449| .com | 2,712 websites |
| .de | 622 websites |
| .pl | 434 websites |
| .it | 331 websites |
| .org | 245 websites |
| .cz | 232 websites |
| .ru | 206 websites |
| .nl | 180 websites |
| .com.br | 180 websites |
| .fr | 158 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2022-4449
Top websites that are affected by CVE-2022-4449. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *****************.com |  Singapore | **,*** | |
| ******.com |  Turkey | **,*** | |
| *************.hu |  Hungary | ***,*** | |
| ***.hu | Hungary | ***,*** | |
| ****.*********.com | United States | ***,*** | |
| *************.com |  Ireland | ***,*** | |
| ***.********.gov | United States | ***,*** | |
| ***********.com | United States | ***,*** | |
| ******.ro |  Romania | ***,*** | |
| **********.com | United States | ***,*** |
FAQ
CVE-2022-4449 is Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Page Scroll To Id
A total of 8,094 websites have been identified as vulnerable to CVE-2022-4449, based on global website indexing conducted by WebTechSurvey.
The Page Scroll To Id is affected by the CVE-2022-4449 vulnerability.
Page Scroll To Id versions up to 1.7.6 are vulnerable to CVE-2022-4449.
CVE-2022-4449 is resolved in version 1.7.6 of Page Scroll To Id.